Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hello Microsofties!

From: Tucker Dummychuck <dummychuck () gmail com>
Date: Tue, 27 Jan 2009 17:07:12 -0800
I've not done this myself, but I think a good starting point would be VSTO
(Visual Studio Tools for Office). See
http://blogs.msdn.com/chhopkin/archive/2008/08/29/vsto-3-0-and-visio-essentials.aspx

thx
Tucker.

On Tue, Jan 27, 2009 at 6:54 AM, Mohammad Hosein <mhtajik () gmail com> wrote:


as much as it may look embarrassing since this is a hacker forum , once i
did a fairly complex Office Add-in development using tools come from "Add-in
Express" and it saves me a lot of time , and well , money .
but basically what you need is to instantiate a dozen of Office's whacky COM
classes and call a bunch of methods . its unreasonably undocumented and hard
to debug . instead , this package gave me a couple of components and Wizards
helped me ignore the complexity and just go on with my business .

http://www.add-in-express.com


On Tue, Jan 27, 2009 at 5:54 PM, Dave Aitel <dave () immunityinc com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So as a side project I'm doing something weirder than usual: C#. Well,
it doesn't have to be C#. Ideally it'd be IronPython - but it's CLR
which means the underlying language is essentially C# no matter what
your syntax looks like.

Here's where we're coming from over at Immunity. It's great to have a
penetration testing tool. Everyone loves a nice GUI popping up shells.
But, in fact, for some large percentage of our customers you're really
only using that tool in order to fit it into your internal business
processes which Immunity typically knows nothing about. While we have
a number of people writing exploits using the CANVAS Python API, it's
not necessarily the way everyone wants to extend CANVAS. For example,
for unknown reasons, not everyone knows Python!

So instead we have an XML-RPC API. Ideally every network attack tool
would have the same XML-RPC API so you could talk to them all with the
same client code, but that might be asking a lot in the short run.

In the meantime, you have a ton of people using Visio with their
network diagrams, and I want to give them a way to connect to CANVAS's
running on those subnets and do cool things. Imagine if you could just
right click a Visio picture and say "What OS is this really?" or "Is
this machine patched for MS08_067?" or "Color all the MS machines on
this network red, and the Linux ones Blue" or "Tell me which machines
are on this network" or "Portscan these and tell me which ones are
IIS". Really, the possibilities are endless when it comes to business
logic automation.

Essentially, a web application these days is just one instance of
something consuming your XML-RPC API. Everyone else can build their
own web mashups, or even thick clients based on their own business
tools. Welcome to Web 2.0! :>

Anyways, my question is: Who has done something like this with Visio?
What do you recommend - and where is the IRC channel for quick help
with the Visio API? :>

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJfxkAtehAhL0gheoRAovYAJ0SUGxwYx2Ar+qoPeVyvaXx7Bfg+gCfVOii
7m/4FA8nFor060vtlPeZxnY=
=DtNJ
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: